Supply Chain Risk Now?


The supply chain business community now includes Risk Management as a business priority and cites it as a key area in need of improvement. Are solution providers ready?



In the early 2000s we saw the emergence of the first Supply Chain Risk applications. Vivecon,1 founded by Blake Johnson, was the first such attempt. ChainLink worked back then with Vivecon, Stanford University (Blake’s alma mater), and MIT to host an event. A surprising turnout of big name companies arrived to share their knowledge. We discovered that many of them were toiling away trying to develop some automated models for themselves. Having dozens of companies developing their own systems is a sure sign that a commercial solution’s time has come.

Well, maybe we all were a little early. ChainLink participated in or joined a half dozen supply chain risk groups,2 dozens of workshops, and worked with various insurance/risk organizations, most notably Marsh and McLennan and Kroll Security.3 A variety of technologies were sprouting out of these and other centers of thought to deal with the challenges of Supply Chain Risk. More pundits joined the discussion and books began to be published on supply chain risk.

So, where there is noise, there must be — ok, this is a risk conversation so we don’t want fire. We did need some solutions, though, as events of the last decade proved. But it turns out that RISK is a very big topic and there are very many aspects to cover. So the question was: on what do you focus?Or more to the point: What should you focus on so that people will pay meaningful dollars for solutions? Could a real market develop to support several solution offerings?

An Idea Whose Time Has Come

In our Business Priorities research, we ask companies each year about their priorities. In previous years, risk was not a top-of-the-list issue. But now it’s different, with Risk Management making the top issues for business.4 And the market now has a variety of solutions to offer.

In addition, after a decade of work by many organizations (including ChainLink) a valid body of work exists on a measurable ROI from resiliency/risk mitigation methods and technologies.

Figure 1 – Measurable Mitigation — Impact from Risk Events

We have moved beyond ideas to that goal of a commercially viable solution. Recent meetings like the Global Supply Chain Resiliency Council,5 and groups like the Supply Chain Risk Leadership Council,6 as well as universities,7 which also have formed executive and research groups, are all joining the discussion.

We also participated in a webinar last week called the Top Ten Supply Chain Risk Insights. (If you want to know how hot this topic is, we had over 400 attendees!) Note that this was not the top ten risks, but insights, since the community of supply chain and risk professionals is really starting to develop the required knowledge about risk and its mitigations to nudge the discussion and the market forward. An uneducated market does not buy solutions.

Solutions Emerge

Risk Management, Supplier Risk,8 Security9 — these and other terminologies are emerging to describe the companies in the market with viable solutions. Yet certain core ideas are rising above the myriad of point applications and have led to implementable solutions for end-users to purchase. Some examples: A solution like Resilinc focuses squarely on the supply chain — material management is the core here; whereas IDV Solutions emerged from a visualization technology approach of monitoring people and assets at risk and developed into enterprise-wide processes. Hiperos (acquired by Opus) focuses on what they call third party management, which is supplier information and compliance.

In addition, other solution providers, such as logistics, that clearly live in the risky world of supply chain are adding to or announcing risk mitigating elements of their solution. An example here is GT Nexus Live, which, based on streaming ocean and asset data,10 can track shipments in real-time. Savi Technology, as well, after a decade focused on satellite, GPS, RFID, and sensors for tracking and control has emerged with sophisticated and yet easy-to-use applications: Savi Tracking (for asset management) and Savi Insight(analytics) for logistics risk management. The logistics community is embracing the Internet of Things readily, since a thing in motion is at its most vulnerable.11 In fact, in our research, security in the IoT was mentioned as a major issue.12

Another example is PTC. Though not a supply chain solution, per se, their focus on product design includes preventing designing or sourcing material from illicit sources. Thus, their Conflict Minerals module.13

JDA, in response to their customers’ issues, has also launched a supply chain risk solution. They surveyed their customer base14 and interestingly, in their research stated, “The amount of re-planning needed to respond to volatile market demand was rated as the number one challenge in production planning.”The idea behind this solution is to respond to demand variability more intelligently.

Under the Hood

To create these solutions takes years of dedication and more data and the software to analyze it than you can imagine. So it is probably not a time to join the ranks if you haven’t got the foundation. These players have patented technologies, and have developed advanced algorithms and analytics to create sophisticated applications. IDV has worked a decade on visualization and monitoring, as well as on the sifting of visual and live streams of data to make it actionable for the user.

Resilinc has worked the supply chain material chains and the impact of shortages on revenue — also no small feat. Mapping supply chains and having methods to sense subtle changes in the material chain, supplier behaviors, and how they impact costs and sales takes a lot of brain power to create.

Under the hood, many of these solutions also get multiple sources of live streaming data. Temporal data is a different animal to handle than the traditional databases, EDI, or HTTPS-type communications which adhere to the old and well-understood data structures and standards. Temporal data streams can include a video — a passing person or thing, sensor feeds, or weather, for example. These, like a gust of wind, come and pass you by and if your systems don’t catch them, you missed it! That’s my layman’s description of what temporal is. This points to the unique characteristics of this type of data and the need to have developers who understand how to work with it. Skill and expertise is not easily come by.

Multiple source providers such as TransVoyant, iJet, Esri, and others are sometimes unknown to end-users, but become critical components of the visual and temporal content of these systems.

Analytics is also a key. The role of the data scientist has emerged in many areas. But the reality is that users are not ‘scientists’ and abhor the word. Thus, solutions have to be purpose-built — that is, real, usable applications for end-users. However, since sensing risk is a day-by-day activity, adaptive techniques are required in the application to allow users to build their own body of knowledge and analytics.15

On the Desktop: Command and Control

Creating a visual approach seems to be an emerging component, although visuals are not necessarily required to sense a risk and respond. After all, many users are not sitting at their desks. But many are, or at least want to consult a ‘command center’ to see an integrated picture of what is happening, often a world away.

Certainly a topic for another time, but worth mentioning, is the plethora of monitoring and command center applications entering the market. These blend a variety of views — often cross-application — to create a meaningful real-time picture of the business. Of note here is that the UI (and a few other technology considerations) becomes paramount. Unfortunately most companies, excited about the possibilities, toss too many windows and too much data onto these displays, so they lose their impact. We can address that issue in more depth in another article. Suffice it to say, tossing a lot of data in front of users, per se, does not mitigate risk. Again, special skill sets are required to develop high impact command centers.


Solution providers who precisely focus on supply chain risk will continue to expand their footprint, but focus areas will remain. Most of these players’ customers are very actively engaged in requesting, utilizing and adapting these solutions to a wider and wider footprint. It has taken many years for providers to develop their valuable intellectual property and expertise, which won’t easily be imitated by new kids on the block. But where there is noise, new solution providers are bound to enter. And there will be mergers along the way to capture market share.

Be forewarned. This area requires real expertise — not just technologies, but an understanding of the users’ supply chains, the elements of risk management, and what users’ priorities are, which differ from industry to industry. Of late, more pundits have gotten into the airspace. They are adding brain power, which is good. But many are off-target. They have supply chain, but no risk background, or vice versa. Culling out the true actionable insights that will drive risk mitigation and cost benefit for customers requires sound expertise and true cross-functional, cross-chain analytics.


1 Vivecon Corporation Raises $11 Million in Additional Financing – PR Newswire — Return to article text above
2 Examples included the US military; National Critical Infrastructure Protection; and a consortium of high tech companies focused on cyber security, hosted by IEEE and others. — Return to article text above
3 Kroll was owned by Marsh and McLennan at that time. — Return to article text above
4 22% of our respondents rated this in the top 3 Read Business Priorities 2015 in this issue. — Return to article text above
5 Open attendance discussion group — here is LinkedIn site to join discussion — Return to article text above
6 Supply Chain Risk Leadership Council Members only groupReturn to article text above
7 MIT, Lehigh University, NYU and others — Return to article text above
8 Read Supply Chain Risk SolutionsReturn to article text above
9 Read The Challenge of Decade — Cyber RiskReturn to article text above
10 This leverages TransVoyant sources to provide the actual asset data rather than days old sailing schedules from other sources. — Return to article text above
11 Read Driving Risk out of the Supply Chain, a paper we just wrote about Logistics Risk. — Return to article text above
12 Read Business Priorities 2015 — Managing the Internet of Things, in our next issue — Return to article text above
13 Read Turning Conflict Minerals Compliance into a Competive AdvantageReturn to article text above 14 JDA Vision 2015 StudyReturn to article text above 15 Read Revolutionizing Logistics for a discussion of these methods. — Return to article text above

To view other articles from this issue of the brief, click here.

Scroll to Top